Remote Code Execution Vulnerability in Internet Explorer on Windows XP and Older Versions
CVE-2004-0839

Currently unrated

Key Information:

Vendor

Avaya
Status
Definity One Media Server
Ie
S8100
Ip600 Media Servers
Vendor
CVE Published:
18 August 2004

What is CVE-2004-0839?

A vulnerability in Internet Explorer, specifically in versions such as 5.01 and 5.5, as well as Windows XP SP2, permits remote attackers to execute arbitrary code on users' systems. This can be achieved through specially crafted web pages that leverage specific CSS styles, the AnchorClick behavior, and drag-and-drop features to silently drop malicious executables into the user's local startup folder, thereby executing them upon system startup. To mitigate this issue, users are advised to apply updates from Microsoft and adhere to best practices in web security.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/bid/10973
vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=109336221826652&w=2
mailing-listx_refsource_BUGTRAQ

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.